Facebook did not kill privacy, it was already dead

One of my favourite cartoons is the 1970 Newsweek cover that depicts the end of privacy, to me it clearly portrays our fears about loss of control and technologies designed to keep track of our every move. Time Magazine declared the death of privacy in 1997. In 1999, Scott McNealy of Sun Microsystems famously said “You have zero privacy anyway. Get over it”. More recently, he reiterated the feeling in an interview, “privacy, you still don’t have any”.

I must admit that I have been surprised by the strength of public outrage after the Cambridge Analytica scandal, but not by act itself. If you were surprised by the misuse of data to get Trump elected then you have not been paying attention. For days my Cyberlaw timeline has been filled with ‘I told you sos’; once more the tinfoil-hat-wearing brigade is proven correct.

But smug privacy advocates aside, Facebook is facing a tremendous backlash because it empowered and enabled the breach of confidence that allowed the mining of information that was used by Cambridge Analytica. The company has seen its stock plummet, and for a while #DeleteFacebook was trending on Twitter. I’m on record as not being a fan of Facebook, and my recent interaction with the platform has dwindled to the occasional cat picture and duck selfie. However, this diminished interaction is not due to privacy concerns, but mostly because of a growing sense of annoyance at the conservative political views expressed by many people that I used to call my friends. But Facebook remains one of the most important ways in which people interact socially online, and despite the few grumblings, I suspect that it will remain so for at least the next few years. Calls to delete Facebook sound shallow when the people doing so will retain their Instagram and Whatsapp accounts.

And this is perhaps the issue that I have with all of the brouhaha surrounding Cambridge Analytica, it is missing the forest for the trees. If you’re concerned about Facebook and Cambridge Analytica (and you should be), may I introduce you to Palantir, a company so shady that it advertises its purpose in its name? Have we already forgotten about Snowden and widespread state surveillance? Have you tried checking your Google Activity and Location History (via this excellent article)? Have you looked at all the ever-present CCTV cameras around us? Why aren’t people worried about Alexa and other personal assistants?

In many ways, privacy has been dead for a while, but it was killed not by a tech giant, but by a thousand cuts. For every privacy-minded expert out there, there are thousands of people who gleefully give away their data for a chance to know which Friends character they are. The ubiquitous smartphone is a surveillance mechanism the likes of which we have never seen before, and its prevalence with teenagers is such that there is an entire generation growing up with little expectation of privacy, and the boundaries that we took for granted may even seem outdated.

So you may forgive me if the apparent threat of Facebook does not leave me trembling with fear. Facebook is just a piece of a puzzle that is about to get worse. Wearable technologies are already allowing the mining of data that can uncover secret installations. Now that Google has opened its Maps API, we are about to see Google Map integration to countless new games. The Internet of Things is already being deployed in household devices, and these will often be insecure and easily hackable. Smart Cities are just an euphemism for “always-on pervasive surveillance”.

What should we do to redress this Orwellian dystopia? I have to admit that I tend to be sceptical about most regulatory and legislative solutions. Most data protection legislation relies on consent, but it is difficult to gain meaningful consent when people sign up to apps giving permission for all sorts of misuse, often willingly. I have always been a critic of cookie legislation and other similar solutions because you give just a pretence of privacy, it becomes another nagging screen that you ignore without reading. It looks like GDPR might have more bite, but either consent will still be sought through nagging, or companies will willingly pay fines as a tax, the profits to be made from data are just too juicy to give up.

However, I am not advocating doing nothing, but understanding the scale of the problem is one part of the solution. We should be mindful that unless there is a drastic change in surveillance capitalism and the prevalence of data markets, this situation will not go away, regardless of how many people abandon Facebook.

It often surprises friends and colleagues that I am not a privacy advocate, and I often approach data and privacy from a pragmatic perspective. The first thing is perhaps to understand just how much information you are giving away. I always assume that my Internet habits will be collected by someone, be it my ISP, my employer, or my VPN company, this is a fact of life. I own a mobile phone with lots of apps, and I try to see what permissions are given to each one, but I rarely deny any. I use some loyalty cards. I have Google Pay and use it nowadays for almost everything. I use Gmail and Google Calendars and Google Maps. On the other hand, I always use ad blockers, sometimes even three layers of protection; and I will not buy IoT devices and personal assistants like Alexa.

Why am I being so open you may ask? Perhaps because for all its reach, technology seems to understand so very little about who we really are. I downloaded and looked at my Facebook data, and found a laughably inaccurate picture of my life. YouTube seems to think that I am an 18-year-old gamer obsessed with esports and movie trailers, while Twitter seems to think that I am a woman looking to buy an expensive car. By living an unusual life, I have managed to confuse the algorithms. I’m sure that ISPs and Google will have a more complete image of my true self, but for the most part I am happy to leave things as they are. You could say that one strategy is to obtain privacy through obfuscation.

Having said that, maybe our own expectation of privacy is what is mistaken. Privacy after all is a modern affectation, and throughout history most of humanity lived without any. In an age where surveillance is everywhere, and where privacy may very well be dead with no hope of ever coming back, what we should strive for is transparency at all stages of collection and storage. This is indeed where legislation can have a positive effect.

Like this:

4 Comments

Lily
· March 22, 2018 at 2:25 pm

Hey Andres,
I think that you are making a slight mistake here by using yourself as an example. From what I know about you, which is not as much as Google knows, you don’t fit easily into a mould. In terms of your background, and possibly your interests. As a person of mixed heritage, and slightly strange professional history, I feel similarly that my online behaviour is unlikely to give “them” an accurate picture of myself.

But, that incomplete and inaccurate picture might actually be the danger. You probably know, that not fitting into a nice mould can make you wait for much longer time in the security queue at the airport or wait for that credit rating to come through… and that is not even thinking of the wrong conclusions that algorithms might come to.

As for most people, with a slightly less confused or categorisable background, this is is not the most useful analysis.

Something worth fighting for, might be the right correct. Don’t you think?

Andres
· March 22, 2018 at 3:49 pm

Indeed, I already get pulled at immigration all the time, get “random” security checks, and get followed by security guards at shops, this without any sort of algorithmic intervention, I just look suspicious (time to shave-off the beard perhaps).

Actually, in some instances I could do with less privacy. I would love to have a system that vouched for me, I go into a shop and my phone immediately identifies me as a good person, or my passport gets some sort of verification, or the damn immigration officer googles me.

I agree that the future is about to get potentially worse with automated-decision making for everything, but I’m not sure if my oddness digitally will be as annoying as my oddness in real life.

I still think that the Pandora box has been opened, and we may never go back. We can try, but it’s like trying to kill the oil industry, there’s just too much money involved.

I just wanted to add one of my favorite quotes on privacy, and while it may seem very current, it is – in fact – from the US Privacy Study Commission in 977:

“The real danger is the gradual erosion of individual liberties through automation, integration, and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable.”

Seb
· March 23, 2018 at 7:58 am

Refreshing post in a time when mentioning the words ‘regulation’ and ‘Facebook’ doubles the readership of any news article. I do believe nonetheless that GDPR is a game changer if DPAs are willing do their fair share of due diligence.

Andres Guadamuz, University of Sussex For the last couple of years, journalist Dune Lawrence has been subject to constant harassment. She wrote several articles about an investment firm, and the owner initiated an online defamation Read more…